Police Exchange E-mails with Hackers in Sting

Symantec says it never offered a ransom to hackers who stole source code of its pcAnywhere software to prevent the posting of the company's intellectual property on the Internet.

On Monday, hackers claimed they leaked about 1.25 gigabytes of the source code of pcAnywhere, software that allows users to access their personal computers remotely. Symantec confirmed that the source code of pcAnywhere and Norton Utilities was made public. The company identified the software as part of the original cache of code for 2006 versions of the products that Anonymous had claimed to possess over the past few weeks.

Hackers who use the moniker the Lords of Dharmaraja, and claim to be affiliated with the hacktivist collective Anonymous, said in a Twitter post Monday: "You won't believe it but Symantec offered us money to keep quiet."

But in a statement issued Tuesday, Symantec spokesman Cris Paden said Anonymous initiated the contact, and it never considered paying ransom. Instead, Paden said, Symantec contacted law enforcement authorities.

A day before, hackers posted on pastebin.com what they said was an e-mail exchange they had with a Symantec official called Sam Thomas. In one message, Thomas wrote:

"We can't pay you $50,000 at once for the reasons we discussed previously. We can pay you $2,500 per month for the first three months. In exchange, you will make a public statement on behalf of your group that you lied about the hack (as you previously stated). Once that's done, we will pay the rest of the $50,000 to your account and you can take it all out at once. That should solve your problem."

Paden said the posted e-mail string was between the hackers and police who used a fake e-mail address. "Anonymous actually reached out to us first, saying that if we provided them with money, they would not post any more source code," Paden said. "At that point, given that it was a clear cut case of extortion, we contacted law enforcement and turned the investigation over to them. All subsequent communications were actually between Anonymous and law enforcement agents, not Symantec. This was all part of their investigative techniques for these types of incidents."

Citing the continuing investigation, Paden didn't provide further details on the contact with the hackers.

Paden said Symantec was prepared for the code to be posted at some point, and had distributed a series of patches since Jan. 23 to protect customers against known vulnerabilities.

Symantec said hackers also obtained code for the 2006 versions of Norton Antivirus Corporate Edition and Norton Internet Security. "This is old code, and Symantec and Norton customers will not be at an increased risk as a result of any further disclosure related to these 2006 products," Paden said.

Still, he said: "We anticipate that Anonymous will post the rest of the code they have claimed to have in their possession."
